re: XXX Server Dial Up - Adware/Spyware - hijack this log. Please HELP!
Monday, February 2, 2004 at 5:57 am
Windows XP Annoyances Discussion Forum
Posted by mojo7819
(5744 messages posted)
In addition to Spybot S&D, Try these other tools:
Download, install, UPDATE, and run:
Ad-Aware 6.0
SpywareGuard
Download and install:
Google Toolbar & activate
the pop-up blocker.
Download and run:
CWShredder
Make sure they are updated before running.
Don't worry about HijackThis until you have run all of these. These tools will automatically
clean up most of the problems, as well as help to prevent further attacks. After
these have all been run, you can post a HijickThis log if you wish. It should be
pretty clean by that time.
On Monday, February 2, 2004 at 5:00 am, Kevin wrote:
>Can someone help me out? I have just today recieved the xxx server dialup. It attempted
>to try and dial out to the number 5551212. I want to make
>
>sure though that this and all spyware/adware is off this laptop.
>
>I am not the best at this sort of thing so any help would be appreciated. I have
>read previous posts on this subject and they suggest downloading
>
>and installing SpyBot Search and Destroy. Ive done this and checked and downloaded
>all available updates. Then I deleted all temporary internet
>
>files and cookies along with history.
>
>I should point out I am on winXP. I didnt delete all *.tmp files as one person
on
>a previous thread suggested because he was instructing someone
>
>with Win98. Should I do the same? Should I empty the contents of the C:\Windows\temp
>folder and C:\temp folder? Will that do any damage?
>
>Anyway another thing he mentioned was posting a "hijack This Log". I am not sure
>what that is but I have provided below a clipboard paste from
>
>SpyBot after I ran it. I have taken no action in removing anything as I am waiting
>for some advice from you helpful people. Please help! Thanks in
>
>advance.
>
>Please explain in simple terms as I am not a massively techie guy. Thanks again.
>
>CDilla: Program directory (Directory, nothing done)
> c:\C_DILLA
>
>ClearSearch.Net: Autorun settings (Registry value, nothing done)
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClrSchLoader
>
>ClearSearch.Net: Program file (File, nothing done)
> C:\Program Files\ClearSearch\Loader.exe
>
>DyFuCA: Global settings (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\Software\FCI
>
>DyFuCA: Library (File, nothing done)
> C:\WINDOWS\nem214.dll
>
>DyFuCA.InternetOptimizer: Global settings (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\Software\Avenue Media
>
>DyFuCA.InternetOptimizer: User settings (Registry key, nothing done)
> HKEY_USERS\S-1-5-21-2000478354-813497703-854245398-1003\Software\Avenue Media
>
>IGetNet: Browser helper object (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser
Helper
>Objects\{947E6D5A-4B9F-4CF4-91B3-562CA8D03313}
>
>ShopAtHome: Autorun settings (Registry value, nothing done)
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SAHAgent
>
>ShopAtHome: Class (Registry key, nothing done)
> HKEY_CLASSES_ROOT\WEBInstaller.execute.1
>
>ShopAtHome: Class (Registry key, nothing done)
> HKEY_CLASSES_ROOT\WEBInstaller.execute
>
>ShopAtHome: Class ID (Registry key, nothing done)
> HKEY_CLASSES_ROOT\CLSID\{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}
>
>ShopAtHome: Data file (File, nothing done)
> C:\WINDOWS\System32\vg.dat
>
>ShopAtHome: Executable (File, nothing done)
> C:\WINDOWS\Downloaded Program Files\SAHDownloader_.exe
>
>ShopAtHome: Global settings (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\Software\VGroup\SAHAgent
>
>ShopAtHome: Interface (Registry key, nothing done)
> HKEY_CLASSES_ROOT\Interface\{4E570F74-DEEE-4FCF-B960-FEEFA4B8C6FC}
>
>ShopAtHome: Interface (Registry key, nothing done)
> HKEY_CLASSES_ROOT\Interface\{4828C95F-C5DB-4AB6-A945-8D8EC44B98A8}
>
>ShopAtHome: Library (File, nothing done)
> C:\WINDOWS\System32\lsp.dll
>
>ShopAtHome: Typelib (Registry key, nothing done)
> HKEY_CLASSES_ROOT\Typelib\{CDE442A3-DC2C-467E-A311-B4BC775D86C5}
>
>VX2/?: User settings (Registry key, nothing done)
> HKEY_USERS\S-1-5-21-2000478354-813497703-854245398-1003\Software\Destiny
>
>VX2/h.ABetterInternet: Browser helper object (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser
Helper
>Objects\{000006B1-19B5-414A-849F-2A3C64AE6939}
>
>VX2/h.ABetterInternet: Executable (File, nothing done)
> C:\WINDOWS\biprep.exe
>
>VX2/h.ABetterInternet: Uninstall settings (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dbi
>
>Windows Media Player: Client ID (Registry change, nothing done)
> HKEY_USERS\S-1-5-21-2000478354-813497703-854245398-1003\Software\Microsoft\MediaPlayer\Player\Settings\Client
>ID=
>
>
>--- Spybot-S&D version: 1.2 ---
>2003-11-05 Includes\Cookies.sbi
>2003-10-27 Includes\Dialer.sbi
>2003-12-17 Includes\Hijackers.sbi
>2003-11-11 Includes\Keyloggers.sbi
>2003-12-17 Includes\Malware.sbi
>2003-03-16 Includes\plugin-ignore.ini
>2003-11-05 Includes\Security.sbi
>2003-12-17 Includes\Spybots.sbi
>2003-03-16 Includes\Temporary.sbi
>2003-11-27 Includes\Tracks.uti
>2003-12-10 Includes\Trojans.sbi
>
>
|
All messages in this thread [show all]
 |  | re: XXX Server Dial Up - Adware/Spyware - hijack this log. Please HELP! (mojo7819: Mon, Feb 2, 2004, 5:57 am) |
| |
| |
| |
Return to the Windows XP Discussion Forum
|
|
